Two security researchers, Sam Curry and Shubham Shah, uncovered significant vulnerabilities in a Subaru web portal a year ago. These flaws allowed them to remotely hijack car controls and access driver location data, posing a serious threat to user privacy and vehicle safety. Upon discovery, the researchers promptly reported their findings to Subaru, which has since addressed and fixed these vulnerabilities. However, the issue extends beyond Subaru, as similar web-based vulnerabilities potentially affect other major carmakers, including Acura, Genesis, Honda, Hyundai, Infiniti, Kia, and Toyota.
Curry and Shah's discovery highlights a critical security issue within the automotive industry as more cars incorporate advanced connected technology. Their findings, detailed in a Wired article, underscore the need for heightened security measures across the sector. The researchers caution that while fixing individual security flaws is necessary, it only temporarily addresses a more pervasive problem affecting the entire industry.
“Whether somebody’s cheating on their wife or getting an abortion or part of some political group, there are a million scenarios where you could weaponize this against someone,” – Sam Curry
While Subaru has acted swiftly to resolve the vulnerabilities, it remains unclear if the other affected carmakers have taken similar steps to safeguard their systems. The researchers emphasize that this is not a problem isolated to Subaru but rather indicative of a widespread issue that necessitates industry-wide attention and resolution.
The vulnerabilities revealed by Curry and Shah demonstrate the potential risks associated with the growing trend of integrating internet-connected technology in vehicles. The ability to control cars remotely and track driver locations could be exploited for malicious purposes, putting users at risk.